alera.in
162.241.169.247
Malicious Activity!
Public Scan
Effective URL: https://alera.in/wp-admin/includes/wp/office/login/
Submission: On October 12 via manual from US — Scanned from AU
Summary
TLS certificate: Issued by R3 on September 22nd 2022. Valid for: 3 months.
This is the only time alera.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 52.95.128.231 | 16509 (AMAZON-02)
8 | 162.241.169.247 | 46606 (UNIFIEDLAYER-AS-1)
13 | 152.199.39.108 | 15133 (EDGECAST)
1 | 20.72.243.62 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
23 requests | 4 IPs |
- ASN16509 (AMAZON-02, US); PTR: s3-ap-southeast-2.amazonaws.com; domain: s3.ap-southeast-2.amazonaws.com
- ASN46606 (UNIFIEDLAYER-AS-1, US); PTR: 162-241-169-247.unifiedlayer.com; domain: alera.in
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | msftauth.net | acctcdn.msftauth.net (Cisco Umbrella Rank: 5828) | 188 KB
8 | alera.in | alera.in | 61 KB
1 | live.com | fpt.live.com (Cisco Umbrella Rank: 66819) | 67 B
1 | amazonaws.com | s3.ap-southeast-2.amazonaws.com (Cisco Umbrella Rank: 50776) | 562 B
23 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
13 | acctcdn.msftauth.net | alera.in
8 | alera.in | alera.in
1 | fpt.live.com | alera.in
1 | s3.ap-southeast-2.amazonaws.com |
23 requests | 4 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
login.live.com |
www.microsoft.com |
go.microsoft.com |
Subject | Issuer | Validity | Valid | Link
---|---|---|---|---
*.s3-ap-southeast-2.amazonaws.com | Amazon | 2021-12-15 - 2022-12-14 | a year | crt.sh
*.alera.in | R3 | 2022-09-22 - 2022-12-21 | 3 months | crt.sh
identitycdn.msauth.net | Microsoft Azure TLS Issuing CA 06 | 2022-08-23 - 2023-08-18 | a year | crt.sh
fpt.microsoft.com | Microsoft Azure TLS Issuing CA 06 | 2022-07-31 - 2023-07-26 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://alera.in/wp-admin/includes/wp/office/login/
Frame ID: 5A1A34BAC4F1D9E4CAC65DD3E9D572EB
Requests: 22 HTTP requests in this frame
Frame:
https://fpt.live.com/?session_id=c1341992303a47b49e90e621970e3a3d&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US&ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26scope%3dopenid%2bprofile%2bhttps%253a%252f%252fwww.office.com%252fv2%252fOfficeHome.All%26redirect_uri%3dhttps%253a%252f%252fwww.office.com%252flandingv2%26response_type%3dcode%2bid_token%26state%3dsGVQstCt4aHXnEyEMCwFlHPVOZqGHcXGZklLJ0OEAoKQ6RQdX3gJLDvsHEp8yIaA0bTN2wEMwhutG84PGP1k9btKBo1UIhUzNhqXXnSPZ3JJXs_ZAArmWcvjvizT_0QAD6ZaYeHu7oGBAJozbZNSbol4J5nRQrFV28ym8c-bkxUDNMh11D40tVwlHkeGgqqj6HWff0e2Oblj5e-7Y_MaC9Dnon2PQxVYNpq_7qyLmZpDimgwOqPctU5rNmUMsbrNtzkB2wupG9XKkXfn8HZ_UwxhrKE6v-BW-FYWnMeb15U%26response_mode%3dform_post%26nonce%3d638009296171484898.YmQwZmMzN2EtNWY3NS00NzI4LTliNjMtZmI0NTRjNTMwNzIwYzA0NmM2ZmMtMWJkOS00OWU1LTk1NTYtNGYwZDVjMTQ1NDFh%26x-client-SKU%3dID_NETSTANDARD2_0%26x-client-Ver%3d6.16.0.0%26msproxy%3d1%26issuer%3dmso%26tenant%3dcommon%26ui_locales%3den%26lw%3d1%26fl%3deasi2%26epct%3dAQABAAAAAAD--DLA3VO7QrddgJg7WevrrBD3Gbd6mDmKyRwIZ15s7Vva8qLzjOO1ujbWk1QkfZnAE8Ta5zU8Cps-bF5UVwIlFS3KrXQjRsI-6zPmXOY2MAcsCcK0o0hzNz2BQ7h0_FQCgh0K_lj_PguIFqOSdx4NczNwsWesnyZ8WhRMr5Tj0ld1uERxc3kLMrXcwgPmRFuYfHJ-F52vvUCGfsAB14jw0rO-SOS99bXBsOgzS7r3hCAA%26jshs%3d0%26mkt%3dEN-US%26uaid%3dc1341992303a47b49e90e621970e3a3d%26contextid%3d980CEEF437F2391B%26mssupv%3d1
Frame ID: 80DC1F0EE1E8575B5F11F8C61DD2AE1E
Requests: 1 HTTP request in this frame
Page Title: Login
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Create one!
- Title: Terms of Use
- Title: Privacy & Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s3.ap-southeast-2.amazonaws.com/au889279094/office365.html Page URL
- https://alera.in/wp-admin/includes/wp/office/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | office365.html | s3.ap-southeast-2.amazonaws.com/au889279094/ | 206 B | 562 B | Document | text/html
GET | H2 | / (Primary Request) | alera.in/wp-admin/includes/wp/office/login/ | 170 KB | 61 KB | Document | text/html
GET | H2 | converged_ux_v2_K7ehqpswU38q5dsLvSJA0g2.css | acctcdn.msftauth.net/ | 93 KB | 18 KB | Stylesheet | text/css
GET | H2 | jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js | acctcdn.msftauth.net/ | 22 KB | 6 KB | Script | application/javascript
GET | H2 | knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js | acctcdn.msftauth.net/ | 78 KB | 28 KB | Script | application/javascript
GET | H2 | lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js | acctcdn.msftauth.net/ | 25 KB | 7 KB | Script | application/javascript
GET | H2 | lightweightsignuppackage_7MUFZSQjQ3HhXJmM1cidfQ2.js | acctcdn.msftauth.net/ | 197 KB | 50 KB | Script | application/javascript
GET | H2 | datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js | acctcdn.msftauth.net/ | 8 KB | 4 KB | Script | application/javascript
GET | H2 | microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg | acctcdn.msftauth.net/images/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg | acctcdn.msftauth.net/images/ | 224 B | 331 B | Image | image/svg+xml
GET | H2 | oneds_CBxZrnSxLbjHuOGn7pHqpg2.js | acctcdn.msftauth.net/ | 82 KB | 32 KB | Script | application/javascript
GET | H2 | microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg | alera.in/Resources/images/ | 0 | 0 | Other | text/html
GET | H2 | favicon.ico | alera.in/Resources/images/ | 0 | 0 | Other | text/html
GET | H2 | 2_vD0yppaJX3jBnfbHF1hqXQ2.svg | alera.in/Resources/images/ | 0 | 0 | Other | text/html
GET | H2 | 2_vD0yppaJX3jBnfbHF1hqXQ2.svg | acctcdn.msftauth.net/images/ | 2 KB | 838 B | Image | image/svg+xml
GET | H2 | / | fpt.live.com/ (Frame 80DC) | 0 | 67 B | Document | text/plain
GET | H2 | jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js | acctcdn.msftauth.net/ | 94 KB | 33 KB | Script | application/javascript
GET | H2 | watson_DOaS_v-h3FCKtNPQv8zSLw2.js | acctcdn.msftauth.net/ | 10 KB | 4 KB | Script | application/javascript
POST | H2 | Watson | alera.in/handlers/ | 0 | 0 | Fetch | text/html
GET | H2 | microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg | alera.in/Resources/images/ | 0 | 0 | Other | text/html
GET | H2 | favicon.ico | alera.in/Resources/images/ | 0 | 0 | Other | text/html
GET | H2 | 2_vD0yppaJX3jBnfbHF1hqXQ2.svg | alera.in/Resources/images/ | 0 | 0 | Other | text/html
GET | H2 | datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js | acctcdn.msftauth.net/ | 8 KB | 3 KB | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

125 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Objects (42): 0, onbeforeinput, oncontextlost, oncontextrestored, launchQueue, onbeforematch, navigation, $PageHelper, $Debug, $Do, $WebWatson, $OneDs, Debug, wLive, $ClientTelemetry, $Api, $PltHelper, $PltTransferBucket, $ClientEvents, $DataRequest, $B, $Config, $ReportEvent, w, ExternalHelper, KnockoutExtensions, ko, _d, _dh, $Utility, $Beacon, $Cookie, $f, _msaEventShim, requests, Telemetry, Microsoft, telemetry_webpackJsonp, $Telemetry, e, oneDS, jQuery1102061601867063711560

Functions (74): structuredClone, getScreenDetails, queryLocalFonts, $Loader, $setVar, registerNamespace, $AccountEventApi, _addEventListener, _getOrSetPropsOnElements, _forEachKey, _parseDataAndHandler, _parseOnArgs, _elementFromHtmlString, _setCacheValue, _getCacheValue, _animate, _isHtmlElementList, _hasCheckedAttribute, _isHtmlElementOrDocument, _createEvent, jQueryShim, EventShim, getId, getKey, defineNamespace, defineClass, defineSubClass, appendFunction, mix, bind, WizardExternalHelper, Encrypt, PackageSAData, PackagePwdOnly, PackagePinOnly, PackageLoginIntData, PackageSADataForProof, PackageNewPwdOnly, PackageNewAndOldPwd, mapByteToBase64, base64Encode, byteArrayToBase64, parseRSAKeyFromString, RSAEncrypt, RSAEncryptBlock, JSMPnumber, duplicateMP, byteArrayToMP, mpToByteArray, modularExp, modularMultiply, multiplyMP, normalizeJSMP, removeLeadingZeroes, divideMP, multiplyAndSubtract, applyPKCSv2Padding, MGF, XORarrays, SHA1, wordToBytes, PadSHA1Input, SHA1RoundFunction, rotateLeft, hexStringToMP, _ce, _ge, _get, OnBack, OnNext, evt_master_onload, n, $, jQuery

Strings (9): c_block, c_display, c_none, c_object, c_style, c_string, Key, randomNum, SKI

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
acctcdn.msftauth.net
alera.in
fpt.live.com
s3.ap-southeast-2.amazonaws.com
152.199.39.108
162.241.169.247
20.72.243.62
52.95.128.231